Get the new release here: http://www.openinfosecfoundation.org/download/suricata-0.9.1.tar.gz
- support for the asn1 keyword added
- support for reading of ERF files added
- basic rule profiling functionality added
- ssl2/ssl3 app layer support added
- detection engine was made partly stateful
- multiple regressions in the detection engine causing false negatives were fixed
- many accuracy and stability improvements were made
- ICMP handling in the flow engine was improved
Known issues & missing features
We have made significant progress towards reaching our first full (non-beta) release of Suricata. Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete. With this in mind, please note the following list of known items we are working on.
- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent timestamps in the HTTP log file due to handling & updating of the HTTP state.
- DCE/RPC over UDP is not currently supported.
- dce_stub_data does not respect relative modifiers.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- Signatures using the uricontent keyword might generate multiple alerts for the same event.
See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up-to-date list and to report new issues.